The role sits within a maturing cyber function aligning to ISO 27001 and financial-grade standards (similar to CPS 234). Reporting to the Principal Information Security Advisor, you will partner closely with project delivery teams, solution architects, vendors and cyber program stakeholders to uplift security in the systems delivery lifecycle (SDLC) and improve enterprise security outcomes.
Key Responsibilities:
- Provide security design advice into programs and projects
- Support the uplift of security within the systems delivery lifecycle
- Coordinate safeguard implementation and risk treatment activities
- Help establish a Cyber Front Door and supporting service catalogue
- Drive and coordinate security assessments and penetration testing
- Support risk management, security governance and compliance uplift
- Develop collateral, frameworks and operating models to enable delivery
- Collaborate with architecture and engineering stakeholders on patterns and controls
Environment & Stakeholder Landscape:
This organisation is undergoing a multi-year, whole-of-business transformation to 2030, with cyber playing a central role. The cyber function is expanding with maturing capability streams across Detect & Respond, Protect, Identity, DLP, AppSec and Risk.
Key engagement points include:
- Transformation program delivery teams and project managers
- Architecture
- Cyber program leadership
- Security capability streams
- External vendors and partners
Key Requirements:
- 10+ years' experience across cyber security advisory, consulting, governance or architecture
- Experience operating within complex enterprise environments
- Exposure to ISO 27001 and/or financial-grade governance standards (e.g. CPS 234)
- Broad security knowledge across technology, risk, cloud, SaaS and delivery models
- Strong autonomy and ability to prioritise and execute without continual direction
- A delivery-oriented mindset and comfort operating in maturing environments
- Strong stakeholder engagement and consulting capability
